Refactors style bundling so it's easy to avoid an insecure CSP
This commit is contained in:
@ -112,3 +112,12 @@ Deploy this Eleventy site in just a few clicks on these services:
|
||||
- `_includes/layouts/post.njk`: the blog post template (wrapped into `base.njk`)
|
||||
- `_includes/postslist.njk` is a Nunjucks include and is a reusable component used to display a list of all the posts. `content/index.njk` has an example of how to use it.
|
||||
|
||||
If your site enforces a Content Security Policy (as public-facing sites should), either, in `base.njk`, disable
|
||||
```html
|
||||
<style>{% getBundle "css" %}</style>
|
||||
```
|
||||
and enable
|
||||
```html
|
||||
<link rel="stylesheet" href="{% getBundleFileUrl "css" %}">
|
||||
```
|
||||
or configure the server with the CSP directive `style-src: 'unsafe-inline'` (which is less secure).
|
||||
|
Reference in New Issue
Block a user